Category FILE
Started On 2014-06-30 08:06:01
Completed On 2014-06-30 08:07:49
Duration 108 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-06-30 08:06:02
Shutdown On 2014-06-30 08:07:48

File Details

File name Avis.de.Paiement.scr
File size 38912 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 87E2A6A5
MD5 66dcf2e32aa902e2ffd4c06f5cb23b43
SHA1 3a2bbef2c1656f763ab74b35446a605aef72e52c
SHA256 38aea4b3b7aecf07ffa1ff7f771498528bb5f1bf3ca70076fc8dccef58bf5e7f
SHA512 bcc2371984443c5ccbcf68b94ba7831244927ed7e0a1da27a00fe2314520fbdce3b86a5f2665a1bbc3be749490499101ba0b2683f17e05b7a48bdfebbeff84a1
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal
Scan Date: 2014-06-30 12:05:02
Detection Rate: 2/53

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\WINDOWS\system32
  • *.dll
  • C:\
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\Avis.de.Paiement.scr
  • C:\WINDOWS\system32\msiexec.exe
Mutexes Nothing to display.
Registry Keys
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003
  • HKEY_USERS\S-1-5-21-1935655697-1606980848-1060284298-1003\Control Panel\Desktop
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes

Processes

Avis.de.Paiement.scr PID: 992, Parent PID: 420

msiexec.exe PID: 484, Parent PID: 992

Volatility

Nothing to display.